The domain 3irqbg-dm2305.files.1drv.com, registered by Microsoft Corporation, was first registered in August 2013 through MARKMONITOR INC. The domain is currently known to have hosted various forms of malware. Its servers are located in Redmond, Washington, United States, on the Microsoft Corporation network.
Registrant: Microsoft Corporation
Registrar: MARKMONITOR INC.
Server location: Washington, United States (US)
Create date: Monday, August 5, 2013
Expires date: Friday, August 5, 2016
Updated date: Sunday, July 5, 2015
ASN: AS8075 MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US
Google Safe Browsing: unwanted
Scanner detections: Malware distribution (93% detected)
Scan engine (detection rate): detection names
IKARUS anti.virus (80.00%): Virus.Win32.CryptExe, Trojan-Spy.Win32.Banker.add, Trojan-Downloader.MSIL.Banload, Trojan-Downloader.Banload, Trojan-Downloader.Win32.Banload
ESET NOD32 (66.67%): Win32/TrojanDownloader.Banload.WML (variant), MSIL/TrojanDownloader.Banload.EU (variant), Win32/TrojanDownloader.Banload.WOK (variant)
Bitdefender (66.67%): Gen:Variant.Symmi.56028, Gen:Variant.Strictor.97316, Gen:Variant.Kazy.737350, Trojan.GenericKD.2785744, Trojan.GenericKD.2795735
Emsisoft Anti-Malware (66.67%): Gen:Variant.Symmi.56028, Gen:Variant.Strictor.97316, Gen:Variant.Kazy.737350, Trojan.GenericKD.2785744, Trojan.GenericKD.2795735
G Data (66.67%): Gen:Variant.Symmi.56028, Gen:Variant.Strictor.97316, Gen:Variant.Kazy.737350, Trojan.GenericKD.2785744, Trojan.GenericKD.2795735
Vba32 AntiVirus (66.67%): Trojan.Svchost.5505, suspected of Trojan.Downloader.gen.h, Trojan-Banker.2421
MicroWorld eScan (60.00%): Gen:Variant.Symmi.56028, Gen:Variant.Strictor.97316, Gen:Variant.Kazy.737350, Trojan.GenericKD.2795735, Trojan.GenericKD.2785394
Kaspersky (60.00%): HEUR:Trojan.Win32.Generic, UDS:DangerousObject.Multi.Generic, Trojan-Downloader.Win32.Banload
F-Secure (60.00%): Gen:Variant.Symmi.56028, Gen:Variant.Strictor.97316, Gen:Variant.Kazy.737350, Trojan.GenericKD.2795735, Trojan.GenericKD.2785394
AVG (60.00%): Luhe.Fiha.A, Downloader.MSIL, Downloader.Banload2, Generic36
Avira AntiVirus (53.33%): TR/Crypt.Xpack.279728, TR/Dropper.MSIL.201227, TR/Samca.A.233, TR/Dldr.Agent.223232.5, TR/Crypt.UPKM.Gen, TR/Dldr.Banload.754
avast! (53.33%): Win32:Malware-gen, MSIL:Banker-DO [Trj], Win32:Dropper-gen [Drp], Win32:Banker-MJB [Trj], Win32:Banker-MID [Trj]
Lavasoft Ad-Aware (46.67%): Gen:Variant.Symmi.56028, Gen:Variant.Strictor.97316, Gen:Variant.Kazy.737350, Trojan.GenericKD.2785394, Trojan.Generic.15108247
Fortinet FortiGate (46.67%): W32/Generic.WML!tr, W32/Banload.WOK!tr.dldr, MSIL/Banload.EU!tr.dldr, W32/Banload.WOV!tr.dldr, W32/Banload.WOT!tr.dldr
The domain 3irqbg-dm2305.files.1drv.com has been seen to resolve to the following IP address: a-0011.a-msedge.net (observed September 21, 2015).
File downloads found at URLs served by 3irqbg-dm2305.files.1drv.com.
The following 100 files have been seen to communicate with 3irqbg-dm2305.files.1drv.com in live environments.
URL: http://3irqbg-dm2305.files.1drv.com/
SSL certificate subject: CN=storage.live.com, OU=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=WA, C=US
SSL certificate issuer: CN=Microsoft IT SSL SHA2, OU=Microsoft IT, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Web server: Microsoft-IIS/8.5
Related Domains